Slashdot Mirror


The World's Most Secure Home Computer Reaches Crowdfunding Goal (pcworld.com)

"If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible." Last month Design SHIFT began crowdfunding an elaborate "open source, physically secure personal computer" named ORWL (after George Orwell). "Having exceeded its $25,000 funding goal on Crowd Supply, the super-secure PC is in production," reports PC World, in an article shared by Slashdot reader ogcricket about the device which tries to anticipate every possible attack: The encryption key to the drive is stored on a security microcontroller instead of the drive... The ORWL's makers say the wire mesh itself is constantly monitored... Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted. The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location... The RAM is soldered to the motherboard and can't be easily removed to be read elsewhere...

Your ORWL unlocks by using a secure NFC and Bluetooth LE keyfob. Pressing it against the top of the ORWL and entering a password authenticates the user. Once the user has been authenticated, Bluetooth LE then ensures that the user is always nearby. Walk away, and the ORWL will lock.

4 of 126 comments

  1. ... formerly most secure computer by damn_registrars · · Score: 4, Insightful

    They can't really expect to hold on to that title when they are willing to send it out with Windows 10 preinstalled.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  2. But can it handle DOS attacks? by Vlad_the_Inhaler · · Score: 1, Insightful

    What is the market for this?

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  3. Interesting concept, but... by Striek · · Score: 5, Insightful

    It's an interesting concept, but it goes too far... it would be trivially easy to have this thing delete the encryption key - just shake it around a bit and it, and all its data, become useless. The risk of data loss when using this "secure" computer would be so high, even by accident, that you'd need a backup close by somewhere.

    So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidental erasure, they're sure to have them.

    Besides, although the data stored on this is extremely secure, it isn't very available. It opens up a huge attack surface by making it far too easy to destroy the data on this thing, limiting its effectiveness and market considerably.

    --
    "Government is like fire; a handy servant, but a dangerous master." -- George Washington
  4. I commented on this on the red site... by Anonymous Coward · · Score: 2, Insightful

    While all the *PHYSICAL* technical measures are excellent, they make a gross presumption about the security of the electronics inside. Electronics which are running firmware which due to the lack of public scrutiny and method of replacement could easily be used to backdoor this device and exfiltrate the security keys and/or believed secure data from the device whether or not the device was authenticated, or be used to disable the aforementioned security measures before they could inactivate the contents of the device.

    Personally, any device with wireless capabilities built in I consider suspect. Anything with USB or another hotplug bus I consider infiltratable with limited physical access. Anything connected to a network I consider compromisable with sufficient knowledge of the hardware and operating system.

    If you want a device with the level of security this device claims, today you would need essentially custom chips all the way up, and designed with e-fuse (or worm) memory built into the chip and/or package that either you, or your organization programmed. Furthermore in the event of device compromise it would need the capability to blow all remaining fuses to wipe the in-chip keys and enough residual charge to similarly wipe or corrupt all other flash devices inside (hard disks by nature of their io speed could not be done like this, but everything up to a terabyte SSD should be capable of wiping within a minute. Larger devices could simply have patterned wipes done to ensure not enough blocks were recoverable to ensure decryption).